Merge pull request #62649 from liggitt/loopback-routing

Automatic merge from submit-queue (batch tested with PRs 50899, 62649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Ensure webhook service routing resolves kubernetes.default.svc correctly

Going through the normal endpoint resolve path isn't correct in multi-master scenarios

The auth wrapper is pulling from LoopbackClientConfig, the service resolver should do the same

```release-note
Fixes the kubernetes.default.svc loopback service resolution to use a loopback configuration.
```

Kubernetes-commit: 9c25da64f0f302f69fb14af486bc181cce22293b

Godeps/Godeps.json

@@ -1,6 +1,6 @@
 {
 	"ImportPath": "k8s.io/client-go",
-	"GoVersion": "go1.10",
+	"GoVersion": "go1.9",
 	"GodepVersion": "v80",
 	"Packages": [
 		"./..."
@@ -360,215 +360,215 @@
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/fuzzer",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/roundtrip",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery/announced",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery/registered",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "1c973d529bdf4c4f349357ca665fb8e1d13e2d0d"
+			"Rev": "73aa818bbacf185a03468ddc170fb275763dec3d"
 		},
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",

transport/cache.go

@@ -44,6 +44,7 @@ type tlsCacheKey struct {
 	certData   string
 	keyData    string
 	serverName string
+	dial       string
 }
 
 func (t tlsCacheKey) String() string {
@@ -51,7 +52,7 @@ func (t tlsCacheKey) String() string {
 	if len(t.keyData) > 0 {
 		keyText = "<redacted>"
 	}
-	return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s", t.insecure, t.caData, t.certData, keyText, t.serverName)
+	return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.serverName, t.dial)
 }
 
 func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
@@ -75,7 +76,7 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 		return nil, err
 	}
 	// The options didn't require a custom TLS config
-	if tlsConfig == nil {
+	if tlsConfig == nil && config.Dial == nil {
 		return http.DefaultTransport, nil
 	}
 
@@ -109,5 +110,6 @@ func tlsConfigKey(c *Config) (tlsCacheKey, error) {
 		certData:   string(c.TLS.CertData),
 		keyData:    string(c.TLS.KeyData),
 		serverName: c.TLS.ServerName,
+		dial:       fmt.Sprintf("%p", c.Dial),
 	}, nil
 }

transport/cache_test.go

@@ -17,6 +17,7 @@ limitations under the License.
 package transport
 
 import (
+	"net"
 	"net/http"
 	"testing"
 )
@@ -53,6 +54,8 @@ func TestTLSConfigKey(t *testing.T) {
 	// Make sure config fields that affect the tls config affect the cache key
 	uniqueConfigurations := map[string]*Config{
 		"no tls":   {},
+		"dialer":   {Dial: net.Dial},
+		"dialer2":  {Dial: func(network, address string) (net.Conn, error) { return nil, nil }},
 		"insecure": {TLS: TLSConfig{Insecure: true}},
 		"cadata 1": {TLS: TLSConfig{CAData: []byte{1}}},
 		"cadata 2": {TLS: TLSConfig{CAData: []byte{2}}},
@@ -104,11 +107,6 @@ func TestTLSConfigKey(t *testing.T) {
 	}
 	for nameA, valueA := range uniqueConfigurations {
 		for nameB, valueB := range uniqueConfigurations {
-			// Don't compare to ourselves
-			if nameA == nameB {
-				continue
-			}
-
 			keyA, err := tlsConfigKey(valueA)
 			if err != nil {
 				t.Errorf("Unexpected error for %q: %v", nameA, err)
@@ -119,6 +117,15 @@ func TestTLSConfigKey(t *testing.T) {
 				t.Errorf("Unexpected error for %q: %v", nameB, err)
 				continue
 			}
+
+			// Make sure we get the same key on the same config
+			if nameA == nameB {
+				if keyA != keyB {
+					t.Errorf("Expected identical cache keys for %q and %q, got:\n\t%s\n\t%s", nameA, nameB, keyA, keyB)
+				}
+				continue
+			}
+
 			if keyA == keyB {
 				t.Errorf("Expected unique cache keys for %q and %q, got:\n\t%s\n\t%s", nameA, nameB, keyA, keyB)
 				continue

transport/transport.go

@@ -52,7 +52,7 @@ func New(config *Config) (http.RoundTripper, error) {
 // TLSConfigFor returns a tls.Config that will provide the transport level security defined
 // by the provided Config. Will return nil if no transport level security is requested.
 func TLSConfigFor(c *Config) (*tls.Config, error) {
-	if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure) {
+	if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
 		return nil, nil
 	}
 	if c.HasCA() && c.TLS.Insecure {

transport/transport_test.go

@@ -101,6 +101,13 @@ func TestNew(t *testing.T) {
 			Config:  &Config{},
 		},
 
+		"server name": {
+			TLS: true,
+			Config: &Config{TLS: TLSConfig{
+				ServerName: "foo",
+			}},
+		},
+
 		"ca transport": {
 			TLS: true,
 			Config: &Config{